Tag Archive for: warning

CISA Establishes Ransomware Vulnerability Warning Pilot Program

/in


Recognizing the persistent threat posed by ransomware attacks to organizations of all sizes, the Cybersecurity and Infrastructure Security Agency (CISA) announces today the establishment of the Ransomware Vulnerability Warning Pilot (RVWP) as authorized by the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022. Through the RVWP, CISA will determine vulnerabilities commonly associated with known ransomware exploitation and warn critical infrastructure entities with those vulnerabilities, enabling mitigation before a ransomware incident occurs.

The RVWP will identify organizations with internet-accessible vulnerabilities commonly associated with known ransomware actors by using existing services, data sources, technologies, and authorities, including our free Cyber Hygiene Vulnerability Scanning service. Organizations interested in enrolling can email [email protected].

CISA recently initiated the RVWP by notifying 93 organizations identified as running instances of Microsoft Exchange Service with a vulnerability called “ProxyNotShell,” which has been widely exploited by ransomware actors. This initial round of notifications demonstrated the effectiveness of this model in enabling timely risk reduction as we further scale the RVWP to additional vulnerabilities and organizations.

“Ransomware attacks continue to cause untenable levels of harm to organizations across the country, including target rich, resource poor entities like many school districts and hospitals” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. “The RVWP will allow CISA to provide timely and actionable information that will directly reduce the prevalence of damaging ransomware incidents affecting American organizations. We encourage every organization to urgently mitigate vulnerabilities identified by this program and adopt strong security measures consistent with the U.S. government’s guidance on StopRansomware.gov.”

The RVWP will be coordinated by and aligned with the Joint Ransomware Task Force (JRTF), an inter-agency body established by CIRCIA and co-led by CISA and the FBI.

For more information on RVWP and other available…

Source…

Scam website alert: Expert reveals 7 warning signs

/in


Share


Are you worried about falling victim to online scams and attacks? If so, you are not alone, as 81% of Brits fear fraudulent attacks, according to the NCSC.   

Scammers have utilised increasingly creative tactics to gain access to your personal information, making it harder to identify and protect yourself from phishing scams and fraudulent attacks. Recently in the UK, consumers have been exploited via fake texts inviting recipients to apply for the £400 energy bill discount, only to be met by a fake ‘Ofgem’ website asking for personal financial details. 

With this in mind, we have joined forces with Bespoke Software Development Company to share some lesser-known tips on how to protect yourself from fraudulent websites and popular scams. 

1. Examine the address bar

There are a few tell-tale signs as to whether a website is fraudulent or not, and these can be easily spotted by just looking at the address bar. Secure websites often have a padlock in the search bar, and will have ‘HTTPS’ at the start of the URL, signalling that the connection is encrypted.

If the website that you are visiting does not have these features, there is a risk it could be fraudulent. It is important that you only visit sites that have ‘HTTPS’, although this does not automatically mean that you can trust the website. 

Scammers often imitate the URLs of authoritative and trustworthy brands or websites by changing the URL slightly with misspellings or punctuation differences. If the URL has these features, it is likely that it could be a phishing site infected with malicious software. 

Expert tips: 

  • Never trust a HTTP website with your personal details. 

  • Do not ignore warnings from your web browser when you are entering dangerous or deceptive sites. 

  • Always check for spelling mistakes and other inconsistencies in the URL.

2. Check for legitimate details 

To avoid risking your money and data when purchasing online, you can check for the company’s existence in real life. You can do this by checking a company’s address and contact information, try using google maps to see if the company’s address exists or calling the listed phone number to see if…

Source…

Cyber security warning after Medibank hack

/in


Live

Cyber Security Minister Clare O’Neil has warned that cyber attacks on large companies could become more common, after an incident at one of the country’s largest private health insurers.

Following revelations of the hacking incident at Medibank, Ms O’Neil said Australian companies must do more to protect customer data.

The health insurer revealed on Wednesday it had received messages from the alleged hackers claiming they had removed customer data, less than a week after it was hit by a cyber attack.

An investigation has been launched, with federal government agencies examining the incident and working alongside Medibank.

Medibank is yet to reveal any more details of the apparent attack, including how many customers were affected.

The company was hit by a cyber attack last week but at the time said there was no evidence sensitive data had been accessed.

On Thursday, Ms O’Neil said the situation was concerning and that agencies were working to stop the data from being released on the internet.

The Medibank hack, following the recent widespread data breach at telecommunications company Optus, is a wake-up call for business.

“This is the new world that we live in, we are going to be under relentless cyber attack essentially from here on in,” Ms O’Neil told ABC Radio on Thursday.

“We need to do a lot better as a country to make sure that we are doing everything we can within organisations to protect customer data and also for citizens to be doing everything they can.”

Medibank is working alongside federal police and the Australian Signals Directorate to manage the breach.

“The reason that I am so concerned about this at the moment is because, of course, of the sensitive nature of the information involved,” Ms O’Neil said.

“What we have here is information that’s held by this organisation, which is healthcare information, and that just on its own being made public can cause immense harm to Australians.”

The Australian Securities…

Source…

Modi govt’s warning for Zoom users shouldn’t be ignored at any cost

/in


The Narendra Modi government has issued a high-risk warning to video conferencing platform Zoom users of attackers getting entry to their system and carrying out mischievous operations.

The Indian Computer Emergency Response Team (CERT-IN) has issued the advisory with a high severity rating on Thursday against multiple vulnerabilities reported in the Zoom products.

CERT-IN alerted in the vulnerability note, “Multiple vulnerabilities have been identified in Zoom products.” It added the flaws “could be exploited by an authenticated attacker to bypass security restriction, execute arbitrary code or cause denial of service conditions on the targeted system.”

CERT-IN is a statutory body with powers from the Information Technology (Amendment) Act of 2008. This nodal agency under the Ministry of Electronics and Information Technology monitors computer security incidents, records susceptibilities, and advocates powerful IT security practices throughout the country. It reveals bugs and cybersecurity threats, including hacking and phishing attacks.

Which versions are affected and why?

CERT-IN has stated that the vulnerabilities are found on Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 and Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0.

As per the report, these vulnerabilities exist because of improper access control, debugging port misconfiguration flaw.

How would it influence the system ?

Using these vulnerabilities, the agency warns, an authenticated user could exploit these vulnerabilities to use the debugging port to connect to and control the Zoom Apps running in the Zoom client. The attacker could also prevent participants from receiving audio and video and causing meeting disruptions.

What is the solution?

Users should upgrade to the latest version, as mentioned in Zooms Security advisory.

Zoom’s response

The virtual meeting platform issued an official statement on the report. ““As detailed on our Zoom Security Bulletin page, we have already resolved these security issues. As always, we recommend users keep up to date with the latest version of Zoom to take advantage of Zoom’s latest features and…

Source…